[159179] in North American Network Operators' Group
Re: SSL Certificates and ... Providers
daemon@ATHENA.MIT.EDU (Andrew Latham)
Thu Dec 27 14:58:52 2012
In-Reply-To: <CC75EEBF17C7374EA8309102B7B10C840109D3E657@SHSBS.shenrons-house.local>
Date: Thu, 27 Dec 2012 14:54:53 -0500
From: Andrew Latham <lathama@gmail.com>
To: Blake Pfankuch <blake@pfankuch.me>
Cc: "NANOG \(nanog@nanog.org\)" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Thu, Dec 27, 2012 at 2:47 PM, Blake Pfankuch <blake@pfankuch.me> wrote:
> Ok, so this might be a little off topic but I am trying to validate something a vendor is telling me and hoping some people here have expertise in this area...
>
> I am working with a SSL certificate provider. I am trying to purchase a quantity of wildcard SSL certificates to cover about 60 FQDN's across 4 domains. Vendor is telling me that the Wildcard certificates are licensed per physical device it is installed on. This means instead of using a single wildcard across 20 servers, I would have to buy 20 wildcard certs for 20 servers.
>
> This does not compute in my brain and also in my mind completely defeats the purpose of a wildcard cert as I know it. Has anyone run into this before?
>
> Thanks
> Blake
Blake
Many vendors assign to a single IP address. When you send your CSR it
is for one server only. Look at some of the public/free CAs to find
some unbiased info. You could hide everything behind a
proxy/loadbalancer if you want.
-- 
~ Andrew "lathama" Latham lathama@gmail.com http://lathama.net ~